Description
A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/16/6
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1607
Related Vulnerabilities
CVE-2021-25915 Vulnerability in npm package changeset
CVE-2021-46037 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2019-10771 Vulnerability in npm package iobroker.web
CVE-2022-24437 Vulnerability in npm package git-pull-or-clone
CVE-2019-10407 Vulnerability in maven package hudson.plugins:project-inheritance